A civic organization in Illinois recently showed officials how they
found sensitive personal information including everything identity thieves
and election fraudsters would need on the Chicago Board of Elections'
Website.

For at least the last six years, the Election Board's website has
exposed the Social Security numbers and birth dates of more than 1 million
registered voters to anyone with a computer.

The Illinois Ballot Integrity Project is a
not-for-profit, non-partisan civic organization dedicated to informing and
educating the public, media and government officials about important
election-integrity issues

Representatives with the civic group
say that someone conceivably could log into the Board's Website and make
changes, perhaps changing voters' status to inactive or changing their
polling places.

Board of Elections officials say they
have no reason to believe this has happened or anyone has messed with the
system thus far.

It would be difficult to determine how
many people have seen the sensitive information or may use it for criminal
purposes in the future.

The Elections website gets hundreds of
thousands of visitors during election season. Visitors from anywhere in the
world can check registration status, or find a polling place. According to
the Illinois Ballot Integrity Project, they could also get personal
information on registered voters, including date of birth and Social
Security numbers.

Project members were looking at voter
registration information on the site when they discovered the problem.

The board of elections thought they
had closed access to this information but it was still on their database.
They had no idea Internet users could still access it. The board met with
the Ballot Project people last week to fix the problem.

"Our computer people figured out right
away what the problem was. Those connections were severed, and they agree
that you can no longer hack in," Tom Leach, Chicago Board of Elections, told
reporters with WLS ABC-7. The biggest threat to the system they say would be
identity theft. They believe the election process is not affected.

The board says it is taking a number of
steps to make sure no one has used the information for identity theft
purposes. They are bringing in an outside computer expert to check for any
signs of hackers but the site wasn't hacked. It was simply accessed in the
form the board provided.

According to Bob Wilson, of the Ballot Initiative Project, hacking skills
were not necessary to view the sensitive information.
"We kind of accidentally started digging a
little deeper and seeing if we could get personal information of voters. At
that time, alarm bells went off,"

Leach says the board is eliminating the
database of full Social Security numbers. They will go by the last four
numbers only.

In affect, the board plans on redacting
the numbers that identity thieves
don't need while leaving the
critical last four digits intact. Banks and credit card companies use the
last four digits to identify customers who call in to change their accounts.
Additionally, the board will not be able to remove any sensitive information
from computers that have already accessed the site.

"What we don't want is voters to think
is, because of this problem, they're going to encounter problems in the
November 7th election," Leach said.

He's probably right. Chicago voters will only have problems with their
identities for the rest of their lives not their votes. Now that the Board
of Elections has published their private information, anyone who downloaded
the information can assume their identity, wipe out their credit, commit
crimes, create tax liabilities, even have surgery or access the welfare
system in their name.

Holding the Facilitators Accountable

Only one in 700 identity thieves are caught and few victims ever know the
true identity of the criminals. Holding those who facilitate identity theft
accountable is the quickest path to protecting American citizens.

The Chicago Elections Board provided the information for one of the
largest data breaches since the ChoicePoint debacle that exposed 163,000
people to a Nigerian criminal cartel.

The Federal Trade Commission held ChoicePoint accountable and the company
settled with the FTC for $10 million in civil penalties and $5 million for
consumer redress.

Hundreds of cases have been filed that seek to hold facilitators of
identity theft accountable for data breaches. Last year,
Florida's 11th Circuit Court of Appeals held that individuals suing
under federal privacy laws qualify to receive monetary damages even if they
did not suffer financial harm.

The court ruled, ""Damages for
a violation of an individual's privacy are a quintessential example of
damages that are uncertain and possibly unmeasurable. Since liquidated
damages are an appropriate substitute for the potentially uncertain and
unmeasurable actual damages of a privacy violation, it follows that proof of
actual damages is not necessary for an award of liquidated damages".

No matter how careful you think you are when it comes to who gets access
to your personal information, increasingly, criminals are finding all the
information they need about you on state and local government
Websites. Top attorneys are investigating these cases nationwide.

Victims of data breaches should hold the facilitators accountable by
filing a complaint with lawyers who take these cases seriously. The service
is free and confidential.